tISS: Anomalous Behaviour Monitoring
The ability to build intelligence from data, and so enable the Security team to take a proactive rather than reactive approach to attack or breach mitigation, is clearly becoming a priority for corporate IT security professionals. This is despite repressed budgets, stretched resources, and concerns around accuracy and around how 'anomalous' and 'normal' behaviour can and should be defined.
Do you carry out security monitoring to detect malicious activity? How is this assessed and prioritised? Do you investigate failed attacks and 'near misses'? What plans do you have in place to improve the monitoring you conduct?
Who should attend
The final agenda will be developed through consultation amongst delegates - provisional discussion areas include:
- Presentation: Short experience report by Ken Bunce of Diligenta - 'What we monitor'
- Anomalous Behaviour Monitoring: What and why?
- Elements of the process
- Process: who does what, how and how much?
- Data sources, timescales and correlation; Log management and data retention
- Senior Manager's issues: Cost / benefit, resourcing, ROI, and management reporting
- Automation and analysis: tools and vendors
- When / how to respond: triage and escalation
- In-house or outsource? Working with MSSPs
"Just wanted to say thanks; another great day where I have come out with more knowledge than I entered with"
"Many thanks; [the event was] very good and beneficial"
"I have never not found a day interesting"
"The Corporate IT Forum is a fantastic level check, free of vendor sell and consultancy hype. I like the open sharing of experience…"
"We get valuable knowledge and experience from members of The Corporate IT Forum. This helps us to make better and informed decisions to reach our business goals…"
"The knowledge from other people on what they are doing/have done is invaluable to my team"
"The workshop validated the marketplace for supplier apps; participants were of a uniformly high standard; personally, I value highly the ethos of the Forum in the fact that it is supplier independent"